X

Vous n'êtes pas connecté

Rubriques :

Maroc Maroc - ITSECURITYNEWS.INFO - A La Une - 13/Dec 18:04

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum…

Articles similaires

Sorry! Image not available at this time

OpenWrt Sysupgrade flaw let hackers push malicious firmware images

bleepingcomputer.com - 09/Dec 22:33

A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious...

Sorry! Image not available at this time

New critical Apache Struts flaw exploited to find vulnerable servers

bleepingcomputer.com - 17/Dec 18:04

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to...

Sorry! Image not available at this time

U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

securityaffairs.co - 20/Dec 10:43

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection...

Sorry! Image not available at this time

CISA adds BeyondTrust CVE-2024-12356 to its KEV Catalog

thecyberthrone.in - 20/Dec 01:22

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356:...

Sorry! Image not available at this time

WordPress WPForms flaw CVE-2024-11205

thecyberthrone.in - 10/Dec 10:40

A critical vulnerability has been discovered in WordPress plugin WPForms. The flaw allows authenticated attackers with subscriber-level privileges or...

Sorry! Image not available at this time

Apache Struts was affected by CVE-2024-53677

thecyberthrone.in - 13/Dec 03:59

Apache Struts framework has been detected with a critical vulnerability that could allow attackers to execute malicious code remotely, posing a...

Sorry! Image not available at this time

U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

securityaffairs.co - 14/Dec 16:46

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities...

Sorry! Image not available at this time

CISA Adds Four Known Exploited Vulnerabilities to Catalog

itsecuritynews.info - 18/Dec 16:04

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation....

Sorry! Image not available at this time

Ivanti fixed a maximum severity vulnerability in its CSA solution

itsecuritynews.info - 11/Dec 15:34

Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical...

Sorry! Image not available at this time

CISA adds CVE-2024-49138 to its KEV Catalog

thecyberthrone.in - 11/Dec 07:38

The US CISA adds Microsoft vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation. The...